Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Copyright © 2015, Juniper Networks, Inc. All rights reserved.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Network Automation Overview
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
Table of Contents
About the Documentation
• Documentation and Release Notes
• Documentation Conventions
• Documentation Feedback
• Requesting Technical Support
• Self-Help Online Tools and Resources
• Opening a Case with JTAC
Chapter 1 Automation Overview
• Introduction to Automation
• What Is Automation?
• Why Invest in Network Automation?
• Automating Network Configuration Changes Using Scripts
• Using Configuration Management Tools to Automate Network Configuration
• Automating the Provisioning of New Devices
Chapter 2 Index
• Index
List of Figures
• Figure 1: Why We Call It Junos PyEZ
List of Tables
• Table 1: Notice Icons
• Table 2: Text and Syntax Conventions
About the Documentation
• Documentation and Release Notes
• Documentation Conventions
• Documentation Feedback
• Requesting Technical Support
Documentation and Release Notes
To obtain the most current version of all Juniper Networks® technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Documentation Conventions
Table 1 defines the notice icons used in this guide.
Table 1: Notice Icons
• Informational note: Indicates important features or instructions.
• Caution: Indicates a situation that might result in loss of data or hardware damage.
• Warning: Alerts you to the risk of personal injury or death.
• Laser warning: Alerts you to the risk of personal injury from a laser.
• Tip: Indicates helpful information.
• Best practice: Alerts you to a recommended use or implementation.
Table 2 defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
• Bold text like this: Represents text that you type. Example: To enter configuration mode, type the configure command:
    user@host> configure
• Fixed-width text like this: Represents output that appears on the terminal screen. Example:
    user@host> show chassis alarms
    No alarms currently active
• Italic text like this: Introduces or emphasizes important new terms; identifies guide names; identifies RFC and Internet draft titles. Examples: A policy term is a named structure that defines match conditions and actions. Junos OS CLI User Guide. RFC 1997, BGP Communities Attribute.
• Italic text like this: Represents variables (options for which you substitute a value) in commands or configuration statements. Example: Configure the machine’s domain name:
    [edit]
    root@# set system domain-name domain-name
• Text like this: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components. Examples: To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level. The console port is labeled CONSOLE.
• < > (angle brackets): Encloses optional keywords or variables. Example: stub <default-metric metric>;
• | (pipe symbol): Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity. Examples: broadcast | multicast and (string1 | string2 | string3)
• # (pound sign): Indicates a comment specified on the same line as the configuration statement to which it applies. Example: rsvp { # Required for dynamic MPLS only
• [ ] (square brackets): Encloses a variable for which you can substitute one or more values. Example: community name members [ community-ids ]
• Indention and braces ( { } ): Identifies a level in the configuration hierarchy.
• ; (semicolon): Identifies a leaf statement at a configuration hierarchy level.
  Example for braces and semicolons:
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }
GUI Conventions
• Bold text like this: Represents graphical user interface (GUI) items you click or select. Examples: In the Logical Interfaces box, select All Interfaces. To cancel the configuration, click Cancel.
• > (bold right angle bracket): Separates levels in a hierarchy of menu selections. Example: In the configuration editor hierarchy, select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can provide feedback by using either of the following
methods:
• Online feedback rating system—On any page at the Juniper Networks Technical
Documentation site at http://www.juniper.net/techpubs/index.html, simply click the
stars to rate the content, and use the pop-up form to provide us with information about
your experience. Alternately, you can use the online feedback form at
http://www.juniper.net/techpubs/feedback/.
• E-mail—Send your comments to [email protected]. Include the document
or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or Partner Support Service
support contract, or are covered under warranty, and need post-sales technical support,
you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: http://www2.juniper.net/kb/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
CHAPTER 1
Automation Overview
• Introduction to Automation
• What Is Automation?
• Why Invest in Network Automation?
• Automating Network Configuration Changes Using Scripts
• Using Configuration Management Tools to Automate Network Configuration
• Automating the Provisioning of New Devices
Introduction to Automation
Juniper Networks devices running the Junos® operating system (Junos OS) support
comprehensive automation facilities. Almost all aspects of the operation of your network
can be managed programmatically or with scripts. Each of these automation modalities
is well documented individually, but if you are new to automation, you might not know
where to start.
To make learning about automation easier, we have broken down the automation features
based on the order of their complexity. By following this guide, you can start with easier
(yet still valuable) tasks, and work up to more complicated network management
workflows.
This overview is deliberately selective rather than comprehensive about the tools it
describes. This is intended to facilitate a quick ramp-up. For example, automation
examples are done using the Python language (where possible), because it is easy to
learn, free, and widely supported. Python is also easy to read, serving as an effective
model for solutions crafted with other languages or tools.
Related Documentation
• Day One books on Junos OS XML scripting
• Juniper PyEZ Getting Started Blog Post
What Is Automation?
Automation is configuring a machine to do something for you that you can already do
manually. You might want to automate a task because it is tedious, repetitive, error prone,
or some combination of these three. For example, you might want to configure a device
running Junos OS to automatically enforce parts of your networking policies, or to have
the device send e-mail to staff when an event occurs.
The approaches to automating a device running Junos OS can be categorized as either
on-box, off-box, or a combination of both.
On-box scripts are installed on devices running Junos OS. These scripts are invoked either
directly or as a result of certain conditions being met. The two examples mentioned
previously would be implemented with an on-box script. This type of automation tends
to be less complicated and can be a good place to start if you are not familiar with
automation. For more information about on-box scripts, see the Automation Scripting
Feature Guide.
In contrast, off-box automation is managing a device running Junos OS over a network
from another system. The other system could be a network management system (NMS)
or it could be your laptop. The advantages of this approach are the availability of modern
languages and tools, such as the Python language, as well as the ability to manage
multiple devices from a single system.
Sometimes an automation solution involves an on-box component that acts as an agent
for an off-box management system running elsewhere. A number of configuration
management products follow this model, such as Puppet and Chef.
Related Documentation
• Chef for Junos OS
• Puppet for Junos OS
Why Invest in Network Automation?
Done properly, automating the management of your network can significantly reduce
your operating expenses. While capital expenses of networking are shrinking, operating
expenses might continue to grow due to increased complexity of your network, causing
an increase in total cost of ownership. The best way to reduce these costs is through the
automation of your network operations. Paired with proper testing regimes, reliability
and service levels also improve, freeing you to focus on adding greater value to your
business.
Of course, it takes time and commitment to implement automation solutions that include
properly automated tests. Many well-intentioned organizations feel intimidated by the
time and effort required to implement automation; they are already occupied with their
normal day-to-day tasks. Fortunately, you do not have to automate your entire network
at once.
Typically, the best approach is to start with small-scale projects in order to gain experience
and confidence with the tools you choose to use for your implementation. One way to
keep the projects small and to enable rapid iteration and adaptation is to embrace Agile
methodologies, which have been used successfully for software development. Agile
software development is an umbrella term for a number of iterative and incremental
development methodologies, which favor small-scale, well-defined tasks over larger,
less precise ones.
Many organizations create Methods of Procedure (MOP) documents. The purpose of
these documents is to act as a checklist for any network changes, encapsulating the
business policies and best practices of an organization. These documents are a great
resource when automating the management of your network. Start with the most basic
procedures and automate them. As you learn and become more confident, you can tackle
more involved procedures.
The remaining topics in this overview are presented in order of complexity. It is
recommended (though not required) that you gain experience with the earlier topics
before embarking on later topics.
Related Documentation
• Automating Network Configuration Changes Using Scripts
• AgileMethodology.org
Automating Network Configuration Changes Using Scripts
When making a change to an existing configuration, such as to accommodate new
requirements, you might find it helpful to create scripts to capture the more mundane
steps involved in such changes. If there are steps that you always (or often) have to
perform when you make changes, you can collect those steps into a script to be run at
the right time. The scripts can be run from the CLI manually by creating an operation (op)
script, or they can be triggered when an event occurs by creating an event script.
In addition to achieving the desired outcome of your configuration change, you also want
to make sure that there are no undesired outcomes. You can automate validation of
future configuration changes by using a commit script, which is executed when a commit
is issued. Commit scripts allow you to enforce custom configuration rules and to execute
any additional steps that you want to run automatically.
Creating on-box scripts is detailed in the Automation Scripting Feature Guide.
If you are interested in creating an off-box script or application, then a client that makes
use of the NETCONF protocol is what you want. Raw NETCONF is not well suited for
someone who is learning how to automate network operations. We recommend using
Junos PyEZ. By using Python and the Junos PyEZ library, you can very quickly create scripts
to manage your device running Junos OS. Junos PyEZ takes care of much of the overhead
of connecting and communicating with the device. Figure 1 illustrates how,
by leveraging Junos PyEZ, a NETCONF script written in Python is reduced from 48 lines
to just 7.
[Figure 1: Why We Call It Junos PyEZ. Diagram labels: Raw Python, ncclient (NC Client), or PyEZ; NETCONF Protocol; Device Running Junos OS.]
By using Python and Junos PyEZ on any convenient system (for example, your laptop),
you can connect to a device running Junos OS and quickly examine its attributes. From
there you can add configuration change commands. A good approach to get started is
to copy and run the Junos PyEZ samples, such as “Hello, World”, on your local system,
and then run them successfully against your devices running Junos OS; the samples are
available from GitHub. This will help you gain familiarity and confidence in Junos PyEZ’s
power and utility. The Junos PyEZ documentation is available at Junos PyEZ. For a video
demonstration of Junos PyEZ, see Junos PyEZ - Hello, World.
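To make the "overhead" of raw NETCONF concrete, the following added Python example (not from this guide and not Junos PyEZ code) frames a `<get-config>` RPC, splits a received stream on the NETCONF 1.0 end-of-message delimiter, validates the reply, and applies a custom configuration rule off-box. The session text, message IDs, host name, and the telnet/ftp policy are constructed assumptions, and no device connection is made.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"                  # NETCONF 1.0 end-of-message delimiter
FORBIDDEN = {"telnet", "ftp"}   # example policy, an assumption of this sketch

# Constructed sample: server <hello>, then the reply to message-id 101.
SAMPLE_STREAM = f"""<hello xmlns="{NS}"><capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability></capabilities>
<session-id>4711</session-id></hello>{EOM}
<rpc-reply xmlns="{NS}" message-id="101"><data><configuration><system>
<host-name>branch-1</host-name><services><ssh/><telnet/></services>
</system></configuration></data></rpc-reply>{EOM}"""

# Constructed sample: the device rejects request 102.
SAMPLE_ERROR = f"""<rpc-reply xmlns="{NS}" message-id="102"><rpc-error>
<error-severity>error</error-severity>
<error-message>permission denied</error-message></rpc-error></rpc-reply>{EOM}"""

def build_get_config(message_id):
    """Frame a <get-config> RPC for the running datastore."""
    rpc = ET.Element(f"{{{NS}}}rpc", {"message-id": str(message_id)})
    get = ET.SubElement(rpc, f"{{{NS}}}get-config")
    source = ET.SubElement(get, f"{{{NS}}}source")
    ET.SubElement(source, f"{{{NS}}}running")
    return ET.tostring(rpc, encoding="unicode") + EOM

def split_messages(stream):
    """Split received text into complete messages on the delimiter."""
    return [m.strip() for m in stream.split(EOM) if m.strip()]

def local(tag):
    """Element name without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]

def child(element, name):
    """First direct child with the given local name, or None."""
    return next((c for c in element if local(c.tag) == name), None)

def parse_reply(xml_text, expected_id):
    """Return the <configuration> element, or raise on a bad reply."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "rpc-reply":
        raise ValueError("not an rpc-reply")
    if root.get("message-id") != str(expected_id):
        raise ValueError("message-id does not match the request")
    errors = [e for e in root.iter() if local(e.tag) == "rpc-error"]
    if errors:
        texts = [(child(e, "error-message").text or "").strip()
                 for e in errors if child(e, "error-message") is not None]
        raise RuntimeError("; ".join(texts) or "rpc-error")
    for element in root.iter():
        if local(element.tag) == "configuration":
            return element
    raise ValueError("reply carries no configuration")

def enabled_services(config):
    """Names of the services configured under system/services."""
    system = child(config, "system")
    services = child(system, "services") if system is not None else None
    return sorted(local(s.tag) for s in services) if services is not None else []

def audit(stream, expected_id):
    """Forbidden services found in the first rpc-reply of the stream."""
    replies = [m for m in split_messages(stream)
               if local(ET.fromstring(m).tag) != "hello"]
    config = parse_reply(replies[0], expected_id)
    return sorted(set(enabled_services(config)) & FORBIDDEN)

if __name__ == "__main__":
    print(build_get_config(101))
    print("forbidden services:", audit(SAMPLE_STREAM, 101))
```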
Related Documentation
• Junos PyEZ
• Junos PyEZ on the TechWiki
Using Configuration Management Tools to Automate Network Configuration
If you plan to make changes to the configuration of your devices running Junos OS fairly
often, and you need to make similar changes to multiple devices, then you should
investigate configuration management products supported by Juniper Networks. Three
configuration management products currently supported are: Chef, Puppet, and Ansible.
You might already be using these products in your data centers. These configuration
management systems are robust frameworks that support monitoring and management
of your IT infrastructure, including your devices running Junos OS.
To learn more about DevOps and automation, see the following articles:
• Automation with Chef/Puppet and Ansible
• Transforming to DevOps with Junos OS
Related Documentation
• Ansible for Junos OS
• Chef for Junos OS
• Puppet for Junos OS
Automating the Provisioning of New Devices
As your business grows, you need to increase your networking capacity to handle that
growth. It would be ideal if you could buy new hardware, plug it in, turn it on, and have it
configure itself and start working right away. The good news is that you definitely can
make this happen, but it takes some time to set up.
The technology that makes this possible is called zero touch provisioning (ZTP), which
is very powerful. With ZTP, you can ship hardware to branch offices without having to
send a network engineer to the sites. The hardware need only be installed and turned
on. It automatically “phones home”, and a server fully configures it remotely. This is just
one of the many applications of ZTP.
Related Documentation
• Understanding Zero Touch Provisioning
• Configuring Zero Touch Provisioning